Countering corruption

Effective corruption control is structured around reinforcing categories and foundational principles. Attention can be focused on priority domains and corruption prevention measures can be assessed to ensure they are working.

Corruption control categories

Prevention is often more effective and less costly than responding after harm has occurred. The following categories provide a potential strategic framework for effective corruption control: capability, prevention, detection and response.

Capability

Capability shapes how people understand, internalise and apply integrity expectations in their day-to-day work. It is built through clear guidance, practical training, leadership and the active modelling of ethical behaviour. Social norms matter. When employees see that integrity is expected, reinforced and demonstrated by leaders and peers it weakens rationalisations such as “everyone else is doing it” and makes corruption less likely to take hold.

See how capability controls guide expected behaviours

Prevention

Prevention is the first line of defence. It primarily reduces the opportunity for corruption by designing systems, processes and controls that limit unchecked discretion, increase transparency and embed proportionate controls into everyday operations. Effective prevention does not rely on trust alone. It anticipates where risks arise and uses sound design to make improper behaviour more difficult, more visible and less rewarding.

Put in place prevention controls to reduce the opportunities for fraudsters

Detection

No prevention system is flawless. Detection ensures that when corruption does occur, it is identified early, limiting harm and enabling a timely intervention. Effective detection relies on multiple reinforcing mechanisms, including data analytics, audit trails, behavioural indicators and a reporting culture where people feel safe to speak up. Detection must also be visible. When employees know that monitoring is active and controls operate in practice, detection strengthens both early intervention and deterrence.

Learn how detection controls support timely identification of fraud so it can be disrupted

Response

When corruption is identified or suspected, the response must be prompt, consistent and proportionate. Clear process should set out how concerns are assessed, how evidence is secured and how matters are escalated – whether through internal investigation, disciplinary action or referral to law enforcement. An effective response demonstrates that standards are applied in practice, strengthens deterrence and builds confidence among employees that raising concerns will lead to fair, credible and protective outcomes.

Find response controls that can be activated after fraud has occurred to contain further harm

Corruption control principles

These principles form the structural foundation of an effective corruption control framework. They reflect widely recognised international practice and can apply to any New Zealand public sector organisation.

Proportionate procedures

Prevention measures should match an organisation's size, risk profile and operating environment. Procedures work best when built into everyday practice rather than treated as standalone compliance tasks. They should be practical, easy to understand and applied consistently.

Risk assessment

A structured risk assessment identifies corruption risks across functions and roles, assesses their likelihood and impact, identifies and reviews existing controls, and highlights areas needing attention. Risk assessments should be reviewed regularly and updated when significant changes occur, such as new programmes, organisational restructures or shifts in the external environment. They work best when a senior leader is accountable for them and they are kept up to date as risks, roles and controls change over time.

Assess your organisation's fraud and corruption exposure and weaknesses to put in place the most effective controls

Due diligence

Organisations benefit from understanding who they work with, especially when third parties act on their behalf or hold ongoing influence. Due diligence should be proportionate to the nature of the relationship and the risks involved. It is most effective when revisited over time, particularly when circumstances change.

Monitoring and review

Prevention measures should be monitored and reviewed regularly, looking at patterns in declarations, reviewing due diligence outcomes, testing the effectiveness of controls and examining themes in reported concerns. Monitoring needs to be active and analytical. Trends in gifts and hospitality, procurement decisions or conflict of interest disclosures can reveal emerging risks early.

Communication and training

Employees need a clear understanding of what corruption looks like in their context, the red flags and warning signs to watch for, and what to do if they have concerns. Awareness should be tailored to the level of risk in each role, with more detailed guidance for staff in high-risk areas. All employees should know how to raise concerns and the protections available to them.

Explore examples of effective counter fraud and corruption messaging to use in your communications

Corruption control priority domains

Effective counter corruption efforts require a deliberate, risk-based approach that directs resources to the areas of greatest vulnerability. All controls will have a cost – financial, staff time or operational complexity – so consider prioritising action in high-risk processes and finding the appropriate balance between mitigating the corruption risk and the resource investment required.

Conflicts of interest

Conflicts of interest are one of the most common and significant risk factors in the public sector and feature in many corruption cases. Because conflicts of interest frequently arise before misconduct occurs, they are a critical point for prevention. When identified early and managed effectively, they can be addressed without harm. When they are not disclosed or are poorly managed, they can allow corruption to develop and become more difficult to detect.

Third-party and supply chain risk

Suppliers, contractors, consultants, agents, subcontractors and grant recipients can all expose an organisation to corruption risk even when internal controls are strong. This risk has two dimensions: third parties may engage in corrupt conduct connected to the organisation's work, and they may attempt to influence employees through gifts, hospitality, kickbacks or other inducements.

See real Serious Fraud Office cases that show the importance of robust supplier management processes

Post-employment and revolving door

Some of the least visible corruption risks arise after a person leaves public service. When senior public officials move into private sector roles with organisations they previously regulated, oversaw or awarded contracts to, the integrity of their earlier decisions may be questioned even when no misconduct occurred. The core issue is the potential use of insider knowledge, relationships or influence gained in one role being transferred to the next.

Insider threat

Insider threat is widely recognised as a significant but often overlooked corruption risk in the public sector. It refers to the risk that people already inside an organisation may misuse the access, authority or information their role provides for private gain. When someone understands a process well, they can exploit discretion or control gaps in ways that are hard to identify, sometimes over long periods, until serious harm has occurred.

Become familiar with the red flags of insider threat

Assessing corruption prevention measures

A prevention framework must be assessed to be improved. Corruption prevention is difficult to measure because the absence of incidents does not, on its own, demonstrate that controls are effective. An organisation may report few cases, however, this does not necessarily mean risk is low – perhaps detection is weak, reporting is discouraged or risks have not yet surfaced.

Collect actionable data

Agencies should collect and record information accurately and consistently. Clear categorisation of alleged or proven wrongdoing, alongside details of actual or estimated losses, enable integrity staff to analyse trends, impacts and recurrence over time.

Use leading and lagging indicators

Meaningful measurement requires both leading indicators that show how the system is operating before problems occur and lagging indicators that record what has already happened.

Undertake reporting and assurance

Measurement insights must reach decision makers who are able to act on them. Governance bodies, boards, audit and risk committees, and senior leadership should receive regular, meaningful reporting on the health of the corruption prevention system. Effective reporting goes beyond point-in-time compliance statistics to highlight trends, patterns, emerging risks and honest assessments of both strengths and weaknesses. The maturity and candour of assurance reporting is itself a sign of organisational integrity.

Find out more about corruption

Corruption diverts public resources, distorts decision making, undermines trust in institutions and weakens outcomes across economic, social and regulatory systems

Find out more about the corruption problem
Corruption and fraud rarely happen by accident. Pressure, opportunity and rationalisation, as well as skilled manipulators, can make corruption hard to detect

Understand the conditions that can lead to corruption
Corruption is a group of behaviours that can be subtle, obvious or escalate over time

Learn the common forms of corruption
Any organisation can be impacted by corruption, but certain key operational areas carry higher risk

Find out where corruption is most likely to occur

Download the guide

Corruption prevention guide: Managing corruption risk in the New Zealand public sector

Download PDF